…ller & larger devices
…8-well-detail-additional-fields
[BDMS-413] Update search bar for contacts & assets
[NO TICKET] Updates `src/generated` files
…-patch [BDMS-354] Update show group/project page to include a fallback component
…ighting-in-search-results [NO TICKET] Add highlighting to phone numbers
[NO TICKET] Update generated zod files
…o-Google-Maps [BDMS-323] Add link to google maps
[BDMS-337] Move the Contacts section on the well details page.
[BDMS-347] Update the map component to display the entire state.
[BDMS-446] Go through OcotilloUI repo in order to make repo public
chore(generated): Update zod types
[BDMS-536] Add app timezone config for formatting UTC timestamps
chore(generated): Update generated files
…th redirect
Return { success: true, redirectTo: '/login' } from login to explicitly
tell Refine to stay on the login page while window.location.assign
handles the external redirect to Authentik.
Co-authored-by: Cursor <cursoragent@cursor.com>
…ion-at-login [NO TICKET] Refactor Auth Flow: Fix Login Races, Improve Token Validation, and Add Error Handling
chore(generated): Update zod types
[BDMS-382] Add hover text & legend to Core Well Info card chips
[BDMS-536] Update the easting and northing values to follow the standard convention.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ad533950cf
| localStorage.setItem(STORAGE_KEYS.idToken, data.id_token) | ||
| localStorage.setItem(STORAGE_KEYS.refreshToken, data.refresh_token) |
Guard optional refresh fields before writing storage
This refresh path writes data.id_token and data.refresh_token to localStorage unconditionally, but OAuth refresh responses are valid even when those fields are omitted; in that case localStorage.setItem stores the literal string "undefined". Once that happens, permission decoding and subsequent refresh calls operate on invalid token values, which can silently de-authorize users after their first token refresh.
| if (isJwtExpired(access) && !IS_TESTING_AUTH) { | ||
| tokenStore.accessToken = null | ||
| tokenStore.idToken = null | ||
| tokenStore.refreshToken = null | ||
| return { authenticated: false, redirectTo: '/login' } |
Refresh expired access token before forcing logout
When check sees an expired access token, it immediately clears all tokens and redirects to /login instead of attempting a refresh via the existing refresh-token flow. In practice, users with a still-valid refresh token will be logged out on page load/route change at access-token expiry, causing avoidable session drops.
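The two review suggestions above, sketched as an added TypeScript example that is not code from this pull request or from the Codex review. `STORAGE_KEYS` and `isJwtExpired` are names taken from the quoted lines; their bodies here, plus `TokenStore`, `applyRefreshResponse`, `nextAuthAction`, `memoryStore` and `fakeJwt`, are assumptions made for illustration.

```typescript
// Added example. STORAGE_KEYS and isJwtExpired are names from the PR; their
// bodies and every other name here are assumptions, not the project's code.
const STORAGE_KEYS = { accessToken: 'access_token', idToken: 'id_token', refreshToken: 'refresh_token' } as const

interface TokenStore { getItem(k: string): string | null; setItem(k: string, v: string): void }
interface RefreshResponse { access_token: string; id_token?: string; refresh_token?: string }

// Read `exp` from the JWT payload without verifying the signature; this is a
// client-side routing hint only. Anything unparsable counts as expired.
function isJwtExpired(token: string | null, nowSec: number): boolean {
  try {
    const payload = (token ?? '').split('.')[1].replace(/-/g, '+').replace(/_/g, '/')
    const exp = JSON.parse(atob(payload)).exp
    return typeof exp !== 'number' || exp <= nowSec
  } catch {
    return true
  }
}

// Persist a refresh response. id_token and refresh_token are optional there,
// so an omitted field keeps the stored value instead of being coerced to the
// literal string "undefined".
function applyRefreshResponse(store: TokenStore, data: RefreshResponse): void {
  store.setItem(STORAGE_KEYS.accessToken, data.access_token)
  if (typeof data.id_token === 'string') store.setItem(STORAGE_KEYS.idToken, data.id_token)
  if (typeof data.refresh_token === 'string') store.setItem(STORAGE_KEYS.refreshToken, data.refresh_token)
}

// Decide what the auth check should do: use the session, try the refresh
// flow first, or fall back to /login only when no usable refresh token is left.
function nextAuthAction(store: TokenStore, nowSec: number): 'ok' | 'refresh' | 'login' {
  if (!isJwtExpired(store.getItem(STORAGE_KEYS.accessToken), nowSec)) return 'ok'
  const refresh = store.getItem(STORAGE_KEYS.refreshToken)
  return refresh && refresh !== 'undefined' ? 'refresh' : 'login'
}

// Constructed sample input: an in-memory store and unsigned JWT-shaped tokens.
function memoryStore(): TokenStore {
  const m = new Map<string, string>()
  return { getItem: (k) => m.get(k) ?? null, setItem: (k, v) => { m.set(k, v) } }
}
const fakeJwt = (exp: number): string => `h.${btoa(JSON.stringify({ exp }))}.s`
```

In the real provider the `'refresh'` result would trigger the existing refresh-token request, and tokens would be cleared only if that request fails.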
Why
This PR addresses the following problem / context:
How
Implementation summary - the following was changed / added / removed:
Notes
Any special considerations, workarounds, or follow-up work to note?